Move the full Blink version envelope reading logic into V8ScriptValueDeserializer.

Move the full Blink version envelope reading logic into V8ScriptValueDeserializer.

Doing a proper varint decode ensures that the code to read the version from the
envelope and the code that detects the envelope agree.

The fuzzer detected that it was possible to encode a small version number
with a large number of bytes (with the leading one being 0x80). This corrects
that and adds a test for that case.

BUG=697505
Review-Url: https://codereview.chromium.org/2731533002
Cr-Commit-Position: refs/heads/master@{#454467}
Committed: https://chromium.googlesource.com/chromium/src/+/43c2760715bdba5d474b1f0537244de8c7680ab6

[jbroman, 2017-03-02 16:58:25]

The CQ bit was checked by jbroman@chromium.org to run a CQ dry run

[commit-bot: I haz the power, 2017-03-02 16:58:40]

Dry run: CQ is trying da patch. Follow status at
 
https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.or...

[commit-bot: I haz the power, 2017-03-02 19:07:57]

The CQ bit was unchecked by commit-bot@chromium.org

[commit-bot: I haz the power, 2017-03-02 19:07:58]

Dry run: This issue passed the CQ dry run.

[jbroman, 2017-03-02 19:44:33]

jbroman@chromium.org changed reviewers:
+ haraken@chromium.org

[jbroman, 2017-03-02 19:44:34]

So you were right, and there was an edge case in this code I hadn't though of
(but the fuzzer found). Wouldn't have been a security issue, but for safety I've
just used the proper varint code (specialized for 32-bits), copied from V8. This
should be solid. :)

[haraken, 2017-03-02 23:20:17]

LGTM

[jbroman, 2017-03-03 02:12:01]

The CQ bit was checked by jbroman@chromium.org

[commit-bot: I haz the power, 2017-03-03 02:12:40]

CQ is trying da patch. Follow status at
 
https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.or...

[commit-bot: I haz the power, 2017-03-03 02:17:28]

CQ is committing da patch.

Bot data: {"patchset_id": 1, "attempt_start_ts": 1488507121659650, "parent_rev":
"1cc152a6b78db34bd3c07977b32c5bcd2769d084", "commit_rev":
"43c2760715bdba5d474b1f0537244de8c7680ab6"}

[commit-bot: I haz the power, 2017-03-03 02:18:06]

Description was changed from

==========
Move the full Blink version envelope reading logic into
V8ScriptValueDeserializer.

Doing a proper varint decode ensures that the code to read the version from the
envelope and the code that detects the envelope agree.

The fuzzer detected that it was possible to encode a small version number
with a large number of bytes (with the leading one being 0x80). This corrects
that and adds a test for that case.

BUG=697505
==========

to

==========
Move the full Blink version envelope reading logic into
V8ScriptValueDeserializer.

Doing a proper varint decode ensures that the code to read the version from the
envelope and the code that detects the envelope agree.

The fuzzer detected that it was possible to encode a small version number
with a large number of bytes (with the leading one being 0x80). This corrects
that and adds a test for that case.

BUG=697505

Review-Url: https://codereview.chromium.org/2731533002
Cr-Commit-Position: refs/heads/master@{#454467}
Committed:
https://chromium.googlesource.com/chromium/src/+/43c2760715bdba5d474b1f053724...
==========

[commit-bot: I haz the power, 2017-03-03 02:18:07]

Committed patchset #1 (id:1) as
https://chromium.googlesource.com/chromium/src/+/43c2760715bdba5d474b1f053724...